'use strict'

module.exports = [
    {
        // pre: true,//表示中间件在接收body数据之前先执行
        middleware: async (c,next) => {
            //从消息头或者url获取token信息
            let token = c.headers.authorization || c.query.token;

            if(!token) {
                return c.status(401).send("permission deny!");
            }
            let data = '';
            try {
                data = c.helper.aesDecrypt(token,c.service.aeskey);
            } catch (error) {
                c.status(401).send("illegal token!");
            }
            
            //设定user数据，让下一层中间件或函数可以拿到用户数据
            c.box.user = data;
            
            await next();
        },
        method: ['POST','PUT','DELETE']
    }
]